/    Sign up×
Community /Pin to ProfileBookmark

mysql error….

Copy linkTweet thisAlerts:
Aug 12.2014

Hi guys i have the following table
main_table
id
title
sub_title
contenido

I want to edit the content using the following code:

[code=php]<?php
$con = mysql_connect(“localhost”,”sparkle”,”sparkle”);
if (!$con)
{
die(mysql_error());
}
mysql_close($con);

if(isset($_GET[‘id’]))
$id=$_GET[‘id’];
else
$id=1;

$query = (“select title, sub_title, contenido from main_page WHERE id=$id”);
if ($row=mysql_fetch_array($query))
{

$title = $row[‘title’];
$sub_title = $row[‘sub_title’];
$contenido = $row[‘contenido’];

}

?>
[/code]

but i have the following error messge
Warning: mysql_fetch_array() expects parameter 1 to be resource, string given in C:wampwwwsparklenshine2adminedit.inc.php on line 18

Can please help me… thanks i am new a php

to post a comment
PHP

4 Comments(s)

Copy linkTweet thisAlerts:
@deathshadowAug 12.2014 — 1) this is 2014 not 2006, you shouldn't be using the mysql_ functions in the first place, hence the [url=http://php.net/manual/en/function.mysql-connect.php]giant red warning boxes in the manual[/url] waving you off? You should be using mysqli or PDO -- I would suggest the latter.

2) you shouldn't blindly be pasting $_GET values into a query string.

3) some sensible indenting wouldn't hurt.

4) Ternary comparisons would help reduce the code bloat.

5) you never actually run the query. You don't pass a query-string to mysql_fetch_array, you run the query and THEN pull the row from the result handler. You're missing a function and a variable.

6) You also don't connect to a database... what's your database called?

7) is there a reason you're making extra copies of those values into variables for nothing?

8) you also seem to be closing the mysql connection before you even use it?

Attempting to rewrite this to make SOME sort of sense...

&lt;?php

try {
$db = new PDO(
'mysql:host=localhost;dbname=database',
'sparkle', // username
'sparkle' // password
);
} catch (PDOException $e) {
die('Connection failed: ' . $e-&gt;getMessage());
}

$id = isset($_GET['id']) ? $_GET['id'] : 1;

$statement = $db-&gt;prepare('
SELECT title, sub_title, contenido
FROM main_page
WHERE id = :id
');

$statement-&gt;execute([':id' =&gt; $id]);

if ($row = $statement-&gt;fetch(PDO::FETCH_ASSOC)) {
// process your $row values here.
}

?&gt;

You'll need to change "database" in the DSN string above to match the name of the database that user account is associated with. The above uses a "prepared query" which is pretty much impervious to SQL injections, something your eight year out of date was not.

IF you REALLY insist on using mysql like it was 2006, that would go something like this:

&lt;?php

if (!($link = mysql_connect('localhost', 'sparkle', 'sparkle')) die(
'Could not connect: ' . mysql_error()
);

if (!mysql_select_db('database')) die (
'Cannot use database : ' . mysql_error()
);

$id = isset($_GET['id']) ? $_GET['id'] : 1;

$result = mysql_query('
SELECT title, sub_title, contenido
FROM main_page WHERE id = <span><code>', mysql_real_escape_string($id), '</code></span>
');

if ($row = mysql_fetch_assoc($result)) {
// process your $row values here.
}

mysql_close($link);

?&gt;

But again, I advise against that. I'm just providing it to show what you missed.

Though that just pulls the value, you said "edit" -- that would take an UPDATE, not a SELECT.
Copy linkTweet thisAlerts:
@williamh26authorAug 14.2014 — thank you... but i could not understand much your code.... i stick on this... now my code retrieves only the first data row but not the others.....



<?php

include("../mylibrary/login.php");

login();


if(isset($_GET['id']))

$id=$_GET['id'];

else

$id=1;

$query = ("select * from main_page WHERE id=$id") or die(mysql_error());

$result = mysql_query($query);

while($row = mysql_fetch_array($result))

{

$id = $row['id'];

$title = $row['title'];

$sub_title = $row['sub_title'];

$contenido = $row['contenido'];


echo"<form method='POST' action='update.php'>";

echo"<input type='hidden' name='id' value='$id'>";

echo"<div><input type='text' name='title' id='title' value='$title'></div>";

echo"<div><input type='text' name='sub_title' id='sub_title' value='$sub_title'/></div>";

echo"<div><input type='text' name='contenido' id='contenido' value='$contenido' /></div><br>";

echo"</form>";

}



?>

What i need to do ???
Copy linkTweet thisAlerts:
@deathshadowAug 14.2014 — Id's are usually unique, how would that query return more than one row?

Also STOP using multiple echo to do the job of one, STOP using double quotes for string outputs, STOP making variables for nothing, and it might really help if you ran htmlspecialchars on your variable outputs, particularly with them inside a value attribute.

But really you're only passing one ID, so how is there going to be more than one row? That's a guess though as I've no clue what your table structure is.
Copy linkTweet thisAlerts:
@GravyAug 14.2014 — If you really refuse to use properly escaped code... at the very least in this case:

[code=php]
if(isset($_GET['id']))
$id = (int)$_GET['id'];
else
$id = 1;
[/code]

The [B](int)[/B] will make sure that only a number will be obtained from [B]$_GET['id'][/B], otherwise you're just asking to be hacked.

But you really should do things the right way...
×

Success!

Help @williamh26 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.29,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...